an IP hijacking attempt

• Previous message (by thread): an IP hijacking attempt
• Next message (by thread): an IP hijacking attempt
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It could just be a typo on the LOA. It seems unlikely any ISP would approve a forged LOA that could readily be debunked by contacting the IP space owner. The whole point of LOA’s is to facilitate this verification. 

-mel via cell

> On Mar 9, 2021, at 10:01 AM, Brian Turnbow via NANOG <nanog at nanog.org> wrote:
> 
> Hello everyone,
> 
> We received a strange request that I wanted to share.
> An email was sent to us asking to confirm a LOA from a diligent ISP.
> The Loa was a request to open bgp for an AS , that is not ours, to announce a /23 prefix that is ours.
> So basically this entity sent to their upstream a request to announce a prefix from one our allocated ranges.
> We have the allocation correctly registered and ROAs in place , but it is worrisome that someone would attempt this.
> Obviously we have informed the ISP that the LOA is not valid and are trying to contact the originating party.
> Aside from RIRs for the offending AS and our IPs,  Is there anywhere to report this type of activity?
> We have dealt with hijacking technically speaking in the past but this is the first time, to my knowledge, of someone forging a LOA with our IPs.
> 
> Thanks in advance for any advice
> 
> Brian
> 
> P.S. a big thanks to Chris for checking the boxes before activating the filter if you are on the list!
> 
> 
> 
> 

• Previous message (by thread): an IP hijacking attempt
• Next message (by thread): an IP hijacking attempt
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]